After cross_fuzz leak: More Internet Explorer Vulnerabilities reported

Published: 2011-01-05
Last Updated: 2011-01-05 16:14:08 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Earlier this week, Michal Zalewski of Google released cross_fuzz [1], a tool so far used internally at Google to identify browser bugs. While the tool is not specific to a particular browser, Google had a lot of success using it against Internet Explorer. It is no surprise that with the release of the tool, we see the release of new vulnerabilities. For example, today a "Circular Memory References Use-after-free" issue was uncovered in Internet Explorer [2]

 

[1] http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html
[2] http://www.vupen.com/english/advisories/2011/0026

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords:
0 comment(s)

Comments


Diary Archives